A simple technology for linking EHRs will have a major impact on health care.
We’ve all heard the one about what the barking dog does when it catches the car.
The dogs of health IT seem to have caught their car when the Interim Final Rule for standards for meaningful use accepted certification of “EHR Modules” and left it up to the marketplace to decide how the modules would communicate with each other. I think ONC deserves much praise for a very fair and innovation-friendly approach.
OAuth is a relatively simple Web standard for authorizing a limited link between one server and another. Some describe it as a valet key to your car that allows you, the owner, to give the valet a key that doesn’t open the trunk or let the car go more than 30 mph. When two EHR servers or two EHR modules are linked via OAuth they can be anywhere on the Web and they can be operated by completely different enterprises. The authority to establish and limit the link can come from the patient directly or from a provider under the HIPAA laws.
The impact on health care comes from the power of OAuth to catalyze modular EHRs by providing the same free interface inside and outside an institution. Current institution-centered EHRs, favored by the cats, don’t need OAuth interfaces or CCRs to achieve meaningful use certification because one vendor controls one database for one institution.
Under the IFR rules, a new generation of EHRs will now be possible where multiple vendors can benefit from free and efficient interfaces even within a single institution. In radiology, the DICOM standard allows CT scanners from vendor A and MR from vendor B to work seamlessly with workstations from a vendor that knows nothing about either CT or MR, and with long-term storage off-site at a service that works with all CT, MR and workstation vendors. Vendors seldom charge for DICOM interfaces, and many have adopted or adapted open source software for the DICOM stack as a way to reduce costs and improve quality.
Compared to DICOM, OAuth will be revolutionary. This is because DICOM is some 25 years old and was never intended to cross firewalls or to support the strict HITECH Act “accounting for disclosures” privacy mandates. OAuth, by working seamlessly across the Internet, enables cloud-based and patient-centered EHR architectures that will drive decision support for clinicians, informed consent for patients and rapid innovation for institutions as health records portability becomes the norm.
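The "valet key" link and the accounting-for-disclosures point above can be sketched as follows. This is an added example, not code from the post or from any EHR product, and it is a simplified model of a scoped, expiring grant rather than the OAuth wire protocol; the key, patient and module names, and scope strings are constructed assumptions.

```python
import base64, hashlib, hmac, json, time

# Constructed demo key shared by the authorizing server and the EHR module.
KEY = b"constructed-demo-key-not-for-production"
DISCLOSURES = []  # accounting-of-disclosures log kept by the record holder

def _sign(payload: bytes) -> str:
    return hmac.new(KEY, payload, hashlib.sha256).hexdigest()

def issue_token(patient, client, scopes, authorized_by, ttl=600, now=None):
    """Issue the 'valet key': one patient, one client, listed scopes, short life."""
    if authorized_by not in ("patient", "provider"):
        raise ValueError("grant must come from the patient or a provider")
    now = time.time() if now is None else now
    claims = {"sub": patient, "client": client, "scope": sorted(scopes),
              "by": authorized_by, "exp": now + ttl}
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    return body.decode() + "." + _sign(body)

def access(token, patient, needed_scope, now=None):
    """Resource-side check: verify, enforce the limits, then log the disclosure."""
    now = time.time() if now is None else now
    body, _, sig = token.partition(".")
    if not hmac.compare_digest(sig, _sign(body.encode())):
        return False  # forged or altered token: nothing trustworthy to log against
    claims = json.loads(base64.urlsafe_b64decode(body))
    allowed = (claims["exp"] > now and claims["sub"] == patient
               and needed_scope in claims["scope"])
    DISCLOSURES.append({"when": now, "patient": patient, "to": claims["client"],
                        "scope": needed_scope, "by": claims["by"],
                        "granted": allowed})
    return allowed
```

Denied requests are logged alongside granted ones, so the record holder can show both what was disclosed and what a linked module tried to reach beyond its grant.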
Elizabeth Cohen’s wonderful article on CNN [ http://www.cnn.com/2010/HEALTH/01/14/medical.records/index.html ] and Dave deBronkart’s rallying cry just might ignite a revolution catalyzed by the simplicity and transparency of OAuth and redefine the physician-patient contract in 21st-century terms.
Adrian Gropper, MD is a founder of MedCommons, with roots in patient-controlled and patient-centered health records that go back to MIT’s Guardian Angel project. AMICAS, a more recent radiology-focused venture, pioneered the clinical use of Web browsers and protocols. Adrian is driven by the vision of doctors and patients collaborating around shared health records on the Web.